The Law on Personal Data Protection (the “Law”) was enacted on October 27th 2008, and has been applied since January 1st 2009. Several bylaws were enacted during 2009 which are relevant to the implementation of the Law, and on August 20th 2010 the Republic of Serbia also adopted a Personal Data Protection Strategy.
Recording databases of personal data compiled before January 1st 2009.
The transitional and final provisions of the Law stipulate that all natural and legal entities and governmental bodies that process data (“Data Controller”) shall be obligated to
(i) harmonize all databases (defined as (non)automated collections of data, regardless of the manner and place of storing such data) and records of databases (catalogue of databases, governed by the rule one database – one record, i.e. each database had its own record)
(ii) compiled (made) before the commencement of application of the Law, i.e. by January 1st 2009,
(iii) with the provisions of the Law by January 1st 2010,
(iv) and to forward such harmonized database records to the governmental body in charge of matters relating to personal data protection (the “Commissioner”).
The Data Controller shall forward each harmonized database record to the Commissioner on the proper form (as prescribed by the Decree on the form for and manner of keeping records on personal data processing adopted in 2009).
The rest of the Law analysis you can read HERE LINK